On Tue, 5 Sep 2000, David Honig wrote:


>  The more hard-core distribute keys to previously known
>parties on physical media, only.
>

I have long felt that PGP missed a trick when it didn't have 
automatic expiry for keys -- It should be possible to build 
into each key an expiration date, fixed at the time of its 
creation.  For shorter keys, it ought to default to expiring 
sooner, and not allow expiry more than a year or two out.  
For a 2048 bit key, it ought to default to something like 10 
years and let you pick a term up to a century.  

This would solve one of the biggest problems -- old keys that 
should long since have expired but which go right on getting 
used. 

As for the other big problem -- compromise revocations -- 
The CAs sure as heck ought to propagate compromise certs the 
same way news articles get propagated, and not allow them to 
expire until the key they refer to would have expired.  There 
has to be a way to validate a compromise cert though - otherwise 
someone could kill a key by sending a spurious one to any CA. 
Once a CA is sure that a compromise cert is valid (by whatever 
protocol you've worked out with your initial CA, which may 
include you showing up in person and signing a piece of paper 
saying the key is dead), it ought to digitally sign the damn 
thing, and that would begin the propagation process.  

I guess I'm more a believer in a "web of CAs" than I am in a 
"Web of Trust", at least as it applies to encryption use in 
public or in businesses.  In a conspiracy, you've got your own 
CA, and it doesn't necessarily talk to anyone else's, and that's 
the way it should be.  Among Friends, you've got your web of 
trust, and that's the way it should be.  

                                Ray Dillinger
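
The propagation scheme proposed in the message above, as an added sketch that is not part of the original email: each CA node accepts a compromise cert only if a known CA signed it, floods it to its peers the way news articles spread, and keeps it until the expiry date built into the key. The names `CANode`, `CompromiseCert`, `issue` and the demo secrets are assumptions, and HMAC is swapped in for the CA's digital signature so the sketch runs on the standard library alone.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed demo secrets. HMAC stands in for each CA's digital signature,
# so any holder of a secret could forge; a real system needs public-key signatures.
CA_KEYS = {"ca-east": b"demo-east", "ca-west": b"demo-west"}

@dataclass(frozen=True)
class CompromiseCert:
    key_id: str      # key being declared dead
    key_expiry: int  # expiry fixed in that key at creation (epoch seconds)
    issuer: str      # CA that validated the owner's request
    sig: bytes       # covers all three fields above

def _sign(key_id, key_expiry, issuer):
    msg = f"{key_id}|{key_expiry}|{issuer}".encode()
    return hmac.new(CA_KEYS[issuer], msg, hashlib.sha256).digest()

def issue(key_id, key_expiry, issuer):
    return CompromiseCert(key_id, key_expiry, issuer, _sign(key_id, key_expiry, issuer))

class CANode:
    def __init__(self, name):
        self.name, self.peers, self.store = name, [], {}

    def receive(self, cert, now):
        """Store and flood a cert; return False if rejected or already held."""
        if cert.issuer not in CA_KEYS:
            return False  # unknown signer
        if not hmac.compare_digest(cert.sig, _sign(cert.key_id, cert.key_expiry, cert.issuer)):
            return False  # spurious or altered cert: cannot kill the key
        if now >= cert.key_expiry or cert.key_id in self.store:
            return False  # key already expired, or duplicate (ends the flood)
        self.store[cert.key_id] = cert
        for peer in self.peers:
            peer.receive(cert, now)
        return True

    def purge(self, now):
        """Drop certs only once the key they refer to would have expired."""
        self.store = {k: c for k, c in self.store.items() if c.key_expiry > now}

    def is_revoked(self, key_id):
        return key_id in self.store
```

Because the key's expiry date is inside the signed fields, a relay cannot shorten the retention period without invalidating the cert.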

